公共 IP 地址前缀Public IP address prefix

公共 IP 地址前缀是 Azure 中预留的 IP 地址范围。A public IP address prefix is a reserved range of IP addresses in Azure. Azure 根据你指定的数量为你的订阅分配一个连续的地址范围。Azure gives a contiguous range of addresses to your subscription based on how many you specify.

如果不熟悉公共地址,请参阅公共 IP 地址If you're not familiar with public addresses, see Public IP addresses.

公共 IP 地址是从各 Azure 区域的地址池分配的。Public IP addresses are assigned from a pool of addresses in each Azure region. 下载 Azure 在每个区域使用的范围列表。You can download the list of ranges Azure uses for each region. 例如,40.72.128.0/18 是 Azure 在中国东部区域中使用的 100 多个范围之一。For example, 40.72.128.0/18 is one of over 100 ranges Azure uses in the China East region. 该范围包括从 40.72.128.1 到 40.72.191.254 的可用地址。The range includes the usable addresses of 40.72.128.1 - 40.72.191.254.

可通过指定一个名称和希望前缀包括的地址数,在 Azure 区域和订阅中创建公共 IP 地址前缀。You create a public IP address prefix in an Azure region and subscription by specifying a name, and how many addresses you want the prefix to include.

公共 IP 地址范围将分配有你选择的前缀。Public IP address ranges are assigned with a prefix of your choosing. 如果创建了前缀 /28,Azure 将从其范围之一提供16个 IP 地址。If you create a prefix of /28, Azure gives 16 ip addresses from one of its ranges.

除非创建范围,否则你不会知道 Azure 将分配哪个范围给你,但这些地址是连续的。You don't know which range Azure will assign until you create the range, but the addresses are contiguous.

公共 IP 地址前缀会产生费用,有关详细信息,请参阅公共 IP 地址定价Public IP address prefixes have a fee, for more information, see public IP address pricing.

为什么要创建公共 IP 地址前缀?Why create a public IP address prefix?

创建公共 IP 地址资源时,Azure 会从该区域中使用的任何一个范围分配可用的公共 IP 地址。When you create public IP address resources, Azure assigns an available public IP address from any of the ranges used in that region.

在 Azure 分配 IP 地址之前,你不会知道确切的 IP。Until Azure assigns the IP address, you won't know the exact IP. 此过程可能会在你创建允许特定 IP 地址的防火墙规则时造成问题。This process can be problematic when you create firewall rules that allow specific IP addresses. 对于添加的每个 IP 地址,必须添加相应的防火墙规则。For every IP address added, a corresponding firewall rule must be added.

从公共 IP 地址前缀向资源分配地址时,无需防火墙规则更新。When you assign addresses to your resources from a public IP address prefix, firewall rule updates aren't required. 整个范围将添加到规则。The entire range is added to the rule.

优点Benefits

  • 可以从已知范围创建公共 IP 地址资源。Creation of public IP address resources from a known range.
  • 防火墙规则配置带有范围,这些范围包括你当前已分配的公共 IP 地址以及你尚未分配的地址。Firewall rule configuration with ranges that include public IP addresses you've currently assigned, and addresses you haven't assigned yet. 有了这样的配置,便无需在你向新资源分配 IP 地址时更改防火墙规则。This configuration eliminates the need to change firewall rules as you assign IP addresses to new resources.
  • 可创建的默认范围大小为 /28 或 16 个 IP 地址。The default size of a range you can create is /28 or 16 IP addresses.
  • 可创建的范围的数量没有限制。There aren't limits as to how many ranges you can create. Azure 订阅中可包括的静态公共 IP 地址的最大数有一定限制。There are limits on the maximum number of static public IP addresses you can have in an Azure subscription. 你创建的范围数包含的静态公共 IP 地址数不能超过你的订阅中可包含的静态公共 IP 地址数。The number of ranges you create can't encompass more static public IP addresses than you can have in your subscription. 有关详细信息,请参阅 Azure 限制For more information, see Azure limits.
  • 使用来自前缀的地址创建的地址可以分配到可向其分配公共 IP 地址的任何 Azure 资源。The addresses that you create using addresses from the prefix can be assigned to any Azure resource that you can assign a public IP address to.
  • 可轻松查看该范围中哪些 IP 地址已提供,哪些 IP 地址尚未提供。You can easily see which IP addresses that are given and not given within the range.

方案Scenarios

可将以下资源关联到来自前缀的静态公共 IP 地址:You can associate the following resources to a static public IP address from a prefix:

资源Resource 方案Scenario 步骤Steps
虚拟机Virtual machines 将来自某个前缀的公共 IP 关联到 Azure 中的虚拟机可在将 IP 地址添加到防火墙中的允许列表时降低管理开销。Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allow list in the firewall. 可以使用单个防火墙规则添加整个前缀。You can add an entire prefix with a single firewall rule. 缩放 Azure 中的虚拟机时,可关联来自同一前缀的 IP,从而节省成本、时间和管理开销。As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead. 将来自某个前缀的 IP 关联到虚拟机:To associate IPs from a prefix to your virtual machine:
1.创建前缀。1. Create a prefix.
2.从前缀创建 IP。2. Create an IP from the prefix.
3.将 IP 关联到虚拟机网络接口。3. Associate the IP to your virtual machine's network interface.
也可以将 IP 关联到虚拟机规模集You can also associate the IPs to a Virtual Machine Scale Set.
标准负载均衡器Standard load balancers 将来自某个前缀的公共 IP 关联到负载均衡器的前端 IP 配置或出站规则可确保简化 Azure 公共 IP 地址空间。Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a load balancer ensures simplification of your Azure public IP address space. 可以通过清理源自某个连续 IP 地址范围的出站连接来简化你的方案。Simplify your scenario by grooming outbound connections from a range of contiguous IP addresses. 若要将来自某个前缀的 IP 关联到负载均衡器,请执行以下操作:To associate IPs from a prefix to your load balancer:
1.创建前缀。1. Create a prefix.
2.从前缀创建 IP。2. Create an IP from the prefix.
3.创建负载均衡器时,请选择或更新在前面第 2 步中创建的 IP 作为负载均衡器的前端 IP。3. When creating the load balancer, select or update the IP created in step 2 above as the frontend IP of your load balancer.
Azure 防火墙Azure Firewall 可使用来自前缀的公共 IP 地址作为出站 SNAT。You can use a public IP from a prefix for outbound SNAT. 所有出站虚拟网络流量都会转换为 Azure 防火墙公共 IP。All outbound virtual network traffic is translated to the Azure Firewall public IP. 若要将来自某个前缀的 IP 关联到防火墙,请执行以下操作:To associate an IP from a prefix to your firewall:
1.创建前缀。1. Create a prefix.
2.从前缀创建 IP。2. Create an IP from the prefix.
3.部署 Azure 防火墙时,请务必选择你以前从该前缀提供的 IP。3. When you deploy the Azure firewall, be sure to select the IP you previously gave from the prefix.
应用程序网关 v2Application Gateway v2 对于自动缩放和区域冗余应用程序网关 v2,可以使用来自前缀的公共 IP。You can use a public IP from a prefix for your autoscaling and zone-redundant Application gateway v2. 若要将来自某个前缀的 IP 关联到网关,请执行以下操作:To associate an IP from a prefix to your gateway:
1.创建前缀。1. Create a prefix.
2.从前缀创建 IP。2. Create an IP from the prefix.
3.部署应用程序网关时,请务必选择你以前从该前缀提供的 IP。3. When you deploy the Application Gateway, be sure to select the IP you previously gave from the prefix.

约束Constraints

  • 不能指定前缀的 IP 地址。You can't specify the IP addresses for the prefix. Azure 将根据你指定的大小提供前缀的 IP 地址。Azure gives the IP addresses for the prefix, based on the size that you specify.

  • 默认情况下,可以创建最多 16 个 IP 地址的前缀或默认前缀 /28。You can create a prefix of up to 16 IP addresses or a /28 by default. 查看网络限制增加请求Azure 限制以获取详细信息。Review Network limits increase requests and Azure limits for more information.

  • 创建前缀后,无法更改该范围。You can't change the range, once you've created the prefix.

  • 仅使用标准 SKU 创建的静态公共 IP 地址可从前缀范围进行分配。Only static public IP addresses created with the Standard SKU can be assigned from the prefix's range. 若要详细了解公共 IP 地址 SKU,请参阅公共 IP 地址To learn more about public IP address SKUs, see public IP address.

  • 范围中的地址只能分配到 Azure 资源管理器资源。Addresses from the range can only be assigned to Azure Resource Manager resources. 这些地址不能分配到经典部署模型中的资源。Addresses can't be assigned to resources in the classic deployment model.

  • 从该前缀创建的所有公共 IP 地址都必须存在于该前缀所在的 Azure 区域和订阅中。All public IP addresses created from the prefix must exist in the same Azure region and subscription as the prefix. 地址必须分配给同一区域和订阅中的资源。Addresses must be assigned to resources in the same region and subscription.

  • 如果前缀中的任何地址被分配到与某个资源关联的公共 IP 地址资源,则无法删除该前缀。You can't delete a prefix if any addresses within it are assigned to public IP address resources associated to a resource. 首先应取消关联所有公共 IP 地址资源,这些资源通过前缀分配有 IP 地址。Dissociate all public IP address resources that are assigned IP addresses from the prefix first.

后续步骤Next steps

  • 创建公共 IP 地址前缀Create a public IP address prefix